Cleaning up inactive computer accounts in AD with PowerShell

Have you ever had a need to clean a large number of unused computer accounts out of AD? This can be done quickly and easily with PowerShell. For AD work I personally prefer to use the Dell/Quest ActiveRoles Management Shell of Active Directory cmdlets, they are available free here. Since removing a massive amount of computer accounts can be career limiting if done wrong, this is the method I prefer:

Identify computer accounts that have been inactive for 90 days.

Move the accounts to a temporary OU

Disable the computer accounts

Delete the computer accounts once it has been determined they are no longer needed

Moving the accounts to an “inactive computer” OU and disabling them gives you a safety net should the computers just be laying around powered off somewhere and keeps tools like SCCM from discovering the unused computers accounts. From that point, I like to keep the disabled accounts around for a while since it is much easier to just re-enable an account than to re-join the domain, especially if the machine is in a remote location. Once I feel confident that the accounts are no longer needed, the accounts can be deleted.